Following what happened in Kucoin, a doubt arises.

Where are the exchange keys kept?

Are HSMs not used for key storage?

  • Most of the exchanges divide their funds into hotwallets and coldwallets. Hotwallets are usually made of one bigger aggregate address known publicly and a set of deposit addresses assigned to specific users.

    When it comes to coldwallets the case is pretty easy: usually it's a hardware wallet or a hardware wallet multisig scheme which the exchange only uses manually or through some watch-only features.

    When it comes to hotwallets, a lot of exchanges have multisig schemes or just API access to services of external vaults, like Bitgo or Casa, mostly because the security of a hotwallet isn't that trivial. Many exchanges decide to work with their own custody solutions, and many times it doesn't work that well.

    There are some solutions though, which are fairly cheap, don't require external service fees, and are still fairly secure, like the multisig scheme with the Coldcard wallet (CKbunker) that aims to automate spending rules.

    It's important to notice that even though most of the cryptocurrency exchanges are under scrutinized regulations, these regulations aren't there to protect the users, but to enforce the possible exclusion of some parties from using the cryptocurrencies.
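Neither the question nor the answer includes code; the following is an added illustration (not the answer author's code, and not CKbunker's, Bitgo's or Casa's implementation) of the kind of automated spending rules the answer says a hot-wallet scheme should enforce before any key is ever asked to sign: a per-transaction cap, a 24-hour velocity limit, a destination whitelist, and a k-of-n operator approval. The policy limits, operator names and destination addresses are all constructed placeholders; amounts are in satoshis.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

BTC = 100_000_000  # satoshis per bitcoin


@dataclass(frozen=True)
class SpendingPolicy:
    max_per_tx: int            # largest single withdrawal the hot wallet may sign
    max_per_day: int           # rolling 24h velocity cap on approved withdrawals
    required_approvals: int    # k in a k-of-n operator approval scheme
    approvers: frozenset       # n recognised operator identities
    whitelist: frozenset       # destinations the hot wallet may pay (cold storage, verified users)


@dataclass(frozen=True)
class Withdrawal:
    dest: str
    amount: int
    ts: datetime
    approvals: frozenset = field(default_factory=frozenset)


class HotWalletGuard:
    """Policy gate placed in front of the signing step of a hot wallet (hypothetical)."""

    def __init__(self, policy: SpendingPolicy):
        self.policy = policy
        self.history = []  # (timestamp, amount) of withdrawals that passed the gate

    def spent_last_24h(self, now: datetime) -> int:
        cutoff = now - timedelta(hours=24)
        return sum(amount for ts, amount in self.history if ts > cutoff)

    def evaluate(self, w: Withdrawal) -> list:
        """Return every policy violation; an empty list means the withdrawal may be signed."""
        p = self.policy
        reasons = []
        if w.dest not in p.whitelist:
            reasons.append("destination not whitelisted")
        if w.amount > p.max_per_tx:
            reasons.append("exceeds per-transaction limit")
        if self.spent_last_24h(w.ts) + w.amount > p.max_per_day:
            reasons.append("exceeds 24h velocity limit")
        # Only approvals from recognised operators count; unknown identities are ignored.
        valid = w.approvals & p.approvers
        if len(valid) < p.required_approvals:
            reasons.append(f"{len(valid)}/{p.required_approvals} approvals")
        return reasons

    def submit(self, w: Withdrawal):
        reasons = self.evaluate(w)
        if not reasons:
            self.history.append((w.ts, w.amount))  # counts toward the velocity limit
            return True, []
        return False, reasons


# Constructed sample policy and withdrawal sequence for demonstration only.
COLD_ADDR = "CONSTRUCTED_COLD_STORAGE_ADDR"
USER_ADDR = "CONSTRUCTED_VERIFIED_USER_ADDR"
UNKNOWN_ADDR = "CONSTRUCTED_UNKNOWN_ADDR"

POLICY = SpendingPolicy(
    max_per_tx=5 * BTC,
    max_per_day=10 * BTC,
    required_approvals=2,
    approvers=frozenset({"ops-a", "ops-b", "ops-c"}),
    whitelist=frozenset({COLD_ADDR, USER_ADDR}),
)


def run_demo():
    t0 = datetime(2020, 9, 26, 12, 0, 0)
    guard = HotWalletGuard(POLICY)
    attempts = [
        Withdrawal(USER_ADDR, 1 * BTC, t0, frozenset({"ops-a", "ops-b"})),
        Withdrawal(USER_ADDR, 8 * BTC, t0 + timedelta(minutes=5), frozenset({"ops-a", "ops-b"})),
        Withdrawal(UNKNOWN_ADDR, 4 * BTC, t0 + timedelta(minutes=10), frozenset({"ops-a", "intruder"})),
        Withdrawal(COLD_ADDR, 45 * BTC // 10, t0 + timedelta(minutes=15), frozenset({"ops-b", "ops-c"})),
        Withdrawal(USER_ADDR, 5 * BTC, t0 + timedelta(minutes=20), frozenset({"ops-a", "ops-c"})),
    ]
    return [guard.submit(w) for w in attempts]


if __name__ == "__main__":
    for ok, reasons in run_demo():
        print("SIGN" if ok else "REJECT", reasons)
```

The gate is deliberately separate from the keys: a compromise of the API layer that submits withdrawals still has to satisfy the whitelist, the limits and two independent operators, and a single large or off-whitelist transfer is rejected before any signature is produced.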

